Authentication
Create client in Keycloak
- Login to the administration console with the admin user.
- Go to Clients > Create.
- Enter
ClientID(of your own choosing) called <CLIENT_ID>. - Click
Save. - In Settings for this newly created client:
- Disable Standard Flow Enabled.
- Disable Direct Access Grants Enabled.
- Set Access Type to
confidential. - Enable Service Accounts Enabled.
- Click
Save.
- In Service Account Roles for this newly created client:
- In Client Roles select appropriate role.
- Add role
usage-allowedto Assigned Roles.
- In Credentials for this newly created client, copy secret to Clipboard (called <CLIENT_SECRET>).
Create user in Keycloak
For <CLIENT_ROLE> choose entitylist-webapp when creating a user for the entity list and choose pseudonymization-webapp when creating a user for the pseudonymization service.
- Login to the administration console with the admin user
- Go to Users -> Add user
- Enter
Username(of your own choosing) and additional information (e.g. Name) if applicable - Click Save
- In Role Mappings for this newly created user
- In Client Roles select <CLIENT_ROLE>
- Add role
usage-allowedto Assigned Roles
- In Credentials, enter initial password. If the field
Temporaryis enabled, the user will be asked to change their password on first log in. It is recommended to have this option enabled.
Get Token
| Name | Value |
|---|---|
| Token Name | Choose any |
| Grant Type | Client Credentials |
| Access Token URL | server:port/auth/realms/trustcenter/protocol/openid-connect/token |
| Client ID | <CLIENT_ID> |
| Client Secret | <CLIENT_SECRET> |
| Scope | - |
| Client Authentication | Send as Basic Auth header |